Technical Field
The present invention relates to access control of programs and more particularly to systems and methods for role based security and role based security analysis.
Description of the Related Art
In Java 2 Enterprise Edition™ (J2EE™) and MICROSOFT™ XML Web Services platform (.NET™) roles are assigned to methods using external configuration files, called the deployment descriptors. The security model of J2EE™ and .NET™ are quite similar, and for simplicity examples herein will employ the Java™ programming language. J2EE™ and the Java™ programming language are trademarks of SUN MICROSYSTEMS™. . . NET™ is a trademark of the MICROSOFT CORPORATION™.
Assigning roles to methods, although conceptually simple, in practice is quite complicated. For instance, in order for a deployer to assign a role r to a method m, the deployer must understand the set of roles R that are assigned to each method n that can be invoked directly or indirectly from m, and that r has to be “consistently” assigned with respect R. Understanding such role consistency is a non-trivial task. Also, in J2EE™ roles are defined with respect to method access and not data access. Therefore, in order to protect sensitive data, one has to encode data access control using method access control. This can lead to interesting and subtle access control problems when accessing sensitive data, including information leakage through data flow from one method to another.